Forum Discussion
Piotr_Lewandows
Altostratus
AltostratusSSL Orchestrator and SWG combined
Hi,
I wonder if it is at all possible to setup both SWG and SSL Orchestrator as combined solution using one BIG-IP (or two BIG-IP) setup?
Idea is to be able to use SWG features for user aut...
Kevin_Stewart
Employee
EmployeeThis is correct. In 14.0 SSL Orchestrator merges into the Access engine, so SWG functions become native as part of the SSLO per-request (service) policy.
But also important, authentication is not specifically a function of SWG. Auth is handled by APM. You would then use SWG to perform URL filtering and malware detection in the per-request policy. So in SSLO, you'd separate the two:
- Create an SWG-Explicit access profile to define user authentication (NTLM, Kerberos, Basic...).
- In SSLO, define Deployment Settings, forward proxy SSL settings, Services, a default service policy, and install the "default outbound rules" to specify an explicit forward proxy.
- After creating the default outbound rules, you'll see an interception rule with the "-xp" ending. Edit this interception rule and attach the SWG-Explicit access policy.
- Your configuration is essentially done here, and you'll be authenticating forward proxy traffic. You can then optionally go into the created service policy visual policy and make any needed modifications to do additional URL filtering.
